cancel
Showing results for 
Search instead for 
Did you mean: 
sagarmc004
Level 7

ERROR: pkgc_validate.c Solidcore signature is not verified

Jump to solution

Hi

I am trying to run a MSI package which is self signed. I generated my own keys and I signed this MSI using the keys I generated.

I used makecert from Microsoft to generate the key pair and a codesigning certificate (SPC). Below are the commands I used to create my certificate

Created key pairs using makecert:

makecert -r -pe -n "CN=MY CA" -ss CA -sr CurrentUser -a sha1 -cy authority -sky signature -sv SoCo.pvk SoCo.cer

Imported the certificate to Root using certutil:

certutil -user -addstore Root SoCo.cer

Created code-signing (SPC) Certificate:

makecert -pe -n "CN=SoCo SPC" -a sha1 -cy end -sky signature -ic SoCo.cer -iv SoCo.pvk -sv SoCoSPC.pvk SoCoSPC.cer

Converted the certificate and key into a PFX file:

pvk2pfx -pvk SoCoSPC.pvk -spc SoCoSPC.cer -pfx SoCoSPC.pfx

Used pfx certificate for signing the MSI:

signtool sign /v /f SoCoSPC.pfx D:\My.MSI

Extracted the certificate from MSI using SCGetCerts from Solidcore:

SCGetCerts PathtoMSI Outputpath -O

Added the Certificate to McAfee Solidcore Certificate Store:

Sadmin cert add my.cer

When I tried to install the MSI, I got an error saying that system Administrator has set policies to prevent this installation. I also noticed the ERROR: pkgc_validate.c Solidcore signature is not verified inside solidcore log file.

What is wrong with my certificate ? or Am I not following a proper procedure for code signing ?

Regards,

Sagar

0 Kudos
1 Solution

Accepted Solutions
vyasra
Level 9

Re: ERROR: pkgc_validate.c Solidcore signature is not verified

Jump to solution

Hello Sagar,

Can you please check and let us know the message that you can see after following the below steps:

Right Click on the binary>Properties> Digital Signatures> Select the Name of Signer>Details>View Certificate. Please check the message under Certificate Information.

If the message read out like "Windows does not have enough information to verify the certificate". It traslates that the certificate is not getting validated by Windows API. We use the same Windows API to validate the self signed installers. That can be the reason you are not able to install the self signed installer.

CertificateErro.JPG

Regards,

Rakesh Vyas

0 Kudos
5 Replies
bsingh7
Level 7

Re: ERROR: pkgc_validate.c Solidcore signature is not verified

Jump to solution

Sagar

Could you please share the following

a. gatherinfo.

b. My.MSI that you created

The error log mentioned in your message above indicates the certificate is not trusted, I'll take a look at the cause of the failure and revert back to you on this

0 Kudos
sagarmc004
Level 7

Re: ERROR: pkgc_validate.c Solidcore signature is not verified

Jump to solution

I am able to sign and execute other file formats such as .exe,.dll and .vbs using the above certificate.

Only MSI execution is failing. I verified the My.MSI using signtool for signature, but verification is passed.

The msi contains batch scripts and exe. I also tried installing other MSIs which have only exe and dll, but they too failed. 

The certificate is added to the root and it is trusted on my local machine where I sign the files.

0 Kudos
vyasra
Level 9

Re: ERROR: pkgc_validate.c Solidcore signature is not verified

Jump to solution

Hello Sagar,

Can you please check and let us know the message that you can see after following the below steps:

Right Click on the binary>Properties> Digital Signatures> Select the Name of Signer>Details>View Certificate. Please check the message under Certificate Information.

If the message read out like "Windows does not have enough information to verify the certificate". It traslates that the certificate is not getting validated by Windows API. We use the same Windows API to validate the self signed installers. That can be the reason you are not able to install the self signed installer.

CertificateErro.JPG

Regards,

Rakesh Vyas

0 Kudos
sagarmc004
Level 7

Re: ERROR: pkgc_validate.c Solidcore signature is not verified

Jump to solution

Hi Rakesh,

Yes I see the same message for the signed files on the system where I have installed solidifier. I installed the pfx certificate to the trusted root certificate authority but I still see the same message when I look into the files properties.

How come exe where allowed to install but not *.vbs and *.MSI files even when certificate is not verified by windows ?

How can I make Windows API to validate the certificate ?

Regards,

Sagar

0 Kudos
sagarmc004
Level 7

Re: ERROR: pkgc_validate.c Solidcore signature is not verified

Jump to solution

Hi Rakesh,

Issue resolved. I added the certificate to trusted root and was able to install the MSI. Thanks a lot.

Regards,

Sagar

0 Kudos